diff options
| -rw-r--r-- | config/networking.nix | 18 | ||||
| -rw-r--r-- | config/users.nix | 5 |
2 files changed, 22 insertions, 1 deletions
diff --git a/config/networking.nix b/config/networking.nix index 4de42c9..f48927b 100644 --- a/config/networking.nix +++ b/config/networking.nix @@ -17,5 +17,23 @@ pskRaw = "ext:psk"; }; }; + + firewall.allowedUDPPorts = [51820]; + wireguard = { + enable = true; + interfaces.talaria = { + ips = ["10.13.42.2/24"]; + listenPort = 51820; + privateKeyFile = "/etc/wireguard/talaria.key"; + peers = [ + { + publicKey = "qgDFtt7qlKXW81bKpGHg793OXKPM4Hfjg9ntQrANXio="; + allowedIPs = ["10.13.42.1"]; + endpoint = "hermes.aristote.fr:51820"; + persistentKeepalive = 25; + } + ]; + }; + }; }; } diff --git a/config/users.nix b/config/users.nix index 8d8715c..c6b2e7d 100644 --- a/config/users.nix +++ b/config/users.nix @@ -5,7 +5,10 @@ isSystemUser = true; shell = pkgs.busybox-sandbox-shell; group = "nixremote"; - openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgohiYF2Dsaq6ImGaslnKJMwpiVtwAaM9cm1tpSRr7t root@kerberos"]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgohiYF2Dsaq6ImGaslnKJMwpiVtwAaM9cm1tpSRr7t root@kerberos" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGstvYymapGvkjvKbFqkMZtE9ft9uEM13n8q798HtOT+ root@hermes" + ]; }; groups.nixremote = {}; }; |